
363 matches found

Debian CVE
added 2022/02/04 10:32 p.m. · 4 views

CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 6.9 · EPSS 0.00705
Exploits 1
Positive Technologies
added 2022/02/04 12:0 a.m. · 4 views

PT-2022-16095 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0; TensorFlow versions 2.7.1 and earlier; TensorFlow versions 2.6.3 and earlier; TensorFlow versions 2.5.3 and earlier. Description: The issue arises when a graph node is invalid, causing TensorFlow to leak memory...

CVSS 5.3 · AI score 4.2 · EPSS 0.00705
Exploits 1 · References 12
Kitploit
added 2021/11/15 8:30 p.m. · 367 views

EXOCET - AV-evading, Undetectable, Payload Delivery Tool

EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM (Galois/Counter Mode). Metasploit's Evasion Payloads use an easy-to-detect RC4 encryption. While RC4 can decrypt faster, AES-256 is much more difficult to ascertain the intent of the malware. However, i...

AI score 7.5
Exploits 0 · References 7
OSV
added 2021/08/30 4:12 p.m. · 6 views

GHSA-VRW4-W73R-6MM8 TimelockController vulnerability in OpenZeppelin Contracts

Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...

CVSS 10 · AI score 5.9 · EPSS 0.0159
Exploits 0 · References 5
OSV
added 2021/08/30 4:12 p.m. · 2 views

GHSA-FG47-3C2X-M2WR TimelockController vulnerability in OpenZeppelin Contracts

Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...

CVSS 10 · AI score 5.9 · EPSS 0.0159
Exploits 0 · References 5
Veracode
added 2021/08/30 3:25 a.m. · 19 views

Privilege Escalation

@openzeppelin/contracts is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization of roles in the TimelockController function which allowed an actor with executor role to escalate privileges...

CVSS 10 · AI score 4.5 · EPSS 0.0159
Exploits 0 · References 3 · Affected Software 2
NVD
added 2021/08/27 12:15 a.m. · 8 views

CVE-2021-39168

OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

CVSS 10 · EPSS 0.0159
Exploits 0 · References 3
OSV
added 2021/08/27 12:15 a.m. · 18 views

CVE-2021-39168

OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

CVSS 9.8 · AI score 9.5
Exploits 0 · References 3
NVD
added 2021/08/27 12:15 a.m. · 17 views

CVE-2021-39167

OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

CVSS 10 · EPSS 0.0159
Exploits 0 · References 3
Prion
added 2021/08/27 12:15 a.m. · 16 views

Code injection

OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

CVSS 7.5 · AI score 9.5 · EPSS 0.0159
Exploits 0 · References 3 · Affected Software 1
Prion
added 2021/08/27 12:15 a.m. · 16 views

Code injection

OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

CVSS 7.5 · AI score 9.5 · EPSS 0.0159
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2021/08/26 11:35 p.m. · 26 views

CVE-2021-39167 TimelockController vulnerability in OpenZeppelin Contracts

OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

CVSS 10 · AI score 9.7 · EPSS 0.0159
Exploits 0 · References 3
CVE
added 2021/08/26 11:35 p.m. · 60 views

CVE-2021-39168

OpenZeppelin's TimelockController vulnerability (OpenZeppelin Contracts) allows an actor with the executor role to escalate privileges. Affected: TimelockController in OpenZeppelin Contracts (readable as part of the OpenZeppelin Contracts library). Root cause: insufficient sanitization/controls a...

CVSS 10 · AI score 9.5 · EPSS 0.0159
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2021/08/26 12:0 a.m. · 4 views

OpenZeppelin Security Vulnerability

OpenZeppelin is a library for smart contract development. A security vulnerability exists in OpenZeppelin that allows a participant with the role of executor to elevate privileges...

CVSS 10 · AI score 8.3 · EPSS 0.0159
Exploits 0 · References 4
CNNVD
added 2021/08/26 12:0 a.m. · 2 views

OpenZeppelin Security Vulnerability

OpenZeppelin is a library for smart contract development. OpenZeppelin has a security vulnerability that stems from a vulnerability in the TimelockController in the affected version that allows elevation of privilege for participants with the executor role...

CVSS 10 · AI score 8.3 · EPSS 0.0159
Exploits 0 · References 4
OSV
added 2021/08/16 8:15 a.m. · 4 views

PYSEC-2021-122

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

CVSS 5.3 · AI score 6.5 · EPSS 0.04022
Exploits 0 · References 2
Kitploit
added 2021/05/05 12:30 p.m. · 62 views

Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices

For complete documentation visit www.botkube.io. BotKube integration with Slack, Mattermost or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on the Kubernetes resources. You can also ask...

AI score 7.8
Exploits 0 · References 1
CNVD
added 2021/01/08 12:0 a.m. · 9 views

MK-AUTH Cross-Site Request Forgery Vulnerability

MK-AUTH is an access control system developed by Pedro Filho, an individual developer in Brazil. A cross-site request forgery vulnerability exists in MK-AUTH through version 19.01 K4.9, which allows passwords to be changed via the central executor central.php. No details of the vulnerability are...

CVSS 9.8 · AI score 6.7 · EPSS 0.75313
Exploits 4 · References 1
Tenable Nessus
added 2020/11/06 12:0 a.m. · 29 views

openSUSE Security Update : pacemaker (openSUSE-2020-1825)

This update for pacemaker fixes the following issues: - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: add vim modelines to agents - extra: quote shell variables in agent code where appropriate bsc1175557 - extra: remove trailing whitespace from...

CVSS 9 · AI score 7.5 · EPSS 0.02002
Exploits 0 · References 5
OSV
added 2020/10/07 2:15 p.m. · 29 views

CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable...

CVSS 9.1 · AI score 7.5 · EPSS 0.02255
Exploits 0 · References 3